Fixed bug with incorrect username if no configured actor, closes #14
simonw committed Dec 11, 2020
1 parent cc5580f commit 5715db6
Showing 3 changed files with 23 additions and 14 deletions.
8 changes: 6 additions & 2 deletions datasette_auth_passwords/__init__.py
Expand Up @@ -11,7 +11,11 @@ async def password_tool(request, datasette):
hashed_password = hash_password(password)
return Response.html(
await datasette.render_template(
"password_tool.html", {"hashed_password": hashed_password,}, request=request
"password_tool.html",
{
"hashed_password": hashed_password,
},
request=request,
)
)

Expand All @@ -34,7 +38,7 @@ async def password_login(request, datasette):
# Look up user
password_hash = accounts.get(username)
if password_hash and verify_password(password, password_hash):
actor = actors.get(username) or {"id": "username"}
actor = actors.get(username) or {"id": username}
response = Response.redirect("/")
response.set_cookie("ds_actor", datasette.sign({"a": actor}, "actor"))
return response
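Review bot: The fallback actor `{"id": username}` on the changed line in password_login puts account names into the same id space as the ids configured under `actors`, and nothing in the visible lines rejects an overlap. The test metadata in this commit maps account `user1` to actor id `userone`, so an account actually named `userone` with no `actors` entry would be signed into the `ds_actor` cookie with the same id. A comment above the line would make the constraint visible, for example `# fallback id is the account name; keep it distinct from every id configured under "actors"`, and a configuration-time check for duplicates would enforce it if one fits elsewhere in the plugin. password_login starts and ends outside this hunk.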
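--- a/setup.py
+++ b/setup.py
@@ -31,5 +31,9 @@ def get_long_description():
 install_requires=["datasette>=0.44"],
 extras_require={"test": ["pytest", "pytest-asyncio", "httpx"]},
 tests_require=["datasette-auth-passwords[test]"],
-package_data={"datasette_auth_passwords": ["templates/*.html",]},
+package_data={
+"datasette_auth_passwords": [
+"templates/*.html",
+]
+},
 )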
23 changes: 12 additions & 11 deletions tests/test_auth_passwords.py
Expand Up @@ -9,8 +9,9 @@
TEST_METADATA = {
"plugins": {
"datasette-auth-passwords": {
"actors": {"user1": {"id": "user1", "name": "User 1"}},
"actors": {"user1": {"id": "userone", "name": "User 1"}},
"user1_password_hash": PASSWORD_HASH,
"user2_password_hash": PASSWORD_HASH,
}
}
}
Expand Down Expand Up @@ -77,15 +78,16 @@ async def test_login_warning_no_accounts():

@pytest.mark.asyncio
@pytest.mark.parametrize(
"username,password,should_login",
"username,password,should_login,expected_username",
[
("user1", "password!", True),
("user1", "password", False),
("user1", "", False),
("user2", "password!", False),
("user1", "password!", True, "userone"),
("user1", "password", False, None),
("user2", "", False, None),
("user2", "password!", True, "user2"),
("user3", "password!", False, None),
],
)
async def test_login(username, password, should_login):
async def test_login(username, password, should_login, expected_username):
ds = Datasette([], memory=True, metadata=TEST_METADATA)
async with httpx.AsyncClient(app=ds.app()) as client:
# Get csrftoken
Expand All @@ -99,10 +101,9 @@ async def test_login(username, password, should_login):
)
if should_login:
assert response.status_code == 302
ds_actor = response.cookies["ds_actor"]
assert ds.unsign(ds_actor, "actor") == {
"a": {"id": "user1", "name": "User 1"}
}
ds_actor_cookie = response.cookies["ds_actor"]
ds_actor = ds.unsign(ds_actor_cookie, "actor")["a"]
assert ds_actor["id"] == expected_username
else:
assert response.status_code == 200
assert "Invalid username or password" in response.text
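Review bot: The success branch of test_login now compares only `ds_actor["id"]`, so the rest of the configured actor for `user1` (its `name` field) is no longer covered and a regression that dropped or replaced those fields would pass. Parametrizing on the whole expected actor keeps the fallback case and the configured case equally strict: `("user1", "password!", True, {"id": "userone", "name": "User 1"})`, `("user2", "password!", True, {"id": "user2"})`, then `assert ds_actor == expected_actor`. The failure branch could also assert `"ds_actor" not in response.cookies`, which the visible lines do not check. Part of the test body lies between the two hunks and is not shown.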
